/* run-keysign.c - Test tool to sign a key and to revoke a key signature * Copyright (C) 2016 g10 Code GmbH * * This file is part of GPGME. * * GPGME is free software; you can redistribute it and/or modify it * under the terms of the GNU Lesser General Public License as * published by the Free Software Foundation; either version 2.1 of * the License, or (at your option) any later version. * * GPGME is distributed in the hope that it will be useful, but * WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * Lesser General Public License for more details. * * You should have received a copy of the GNU Lesser General Public * License along with this program; if not, see . * SPDX-License-Identifier: LGPL-2.1-or-later */ /* We need to include config.h so that we know whether we are building with large file system (LFS) support. */ #ifdef HAVE_CONFIG_H #include #endif #include #include #include #include #include #define PGM "run-keysign" #include "run-support.h" static int verbose; static gpg_error_t status_cb (void *opaque, const char *keyword, const char *value) { (void)opaque; fprintf (stderr, "status_cb: %s %s\n", nonnull(keyword), nonnull(value)); return 0; } static unsigned long parse_expire_string (const char *string) { unsigned long seconds; if (!string || !*string || !strcmp (string, "none") || !strcmp (string, "never") || !strcmp (string, "-")) seconds = 0; else if (strspn (string, "01234567890") == strlen (string)) seconds = strtoul (string, NULL, 10); else { fprintf (stderr, PGM ": invalid value '%s'\n", string); exit (1); } return seconds; } static int show_usage (int ex) { fputs ("usage: " PGM " [options] FPR USERIDS\n\n" "Options:\n" " --verbose run in verbose mode\n" " --status print status lines from the backend\n" " --loopback use a loopback pinentry\n" " --signer NAME use key NAME for signing/revoking\n" " --local create a local signature\n" " --noexpire force no expiration\n" " --expire EPOCH expire the signature at EPOCH\n" " --revoke revoke the signature(s)\n" , stderr); exit (ex); } int main (int argc, char **argv) { int last_argc = -1; gpgme_error_t err; gpgme_ctx_t ctx; gpgme_protocol_t protocol = GPGME_PROTOCOL_OpenPGP; const char *signer_string = NULL; int print_status = 0; int use_loopback = 0; const char *userid; unsigned int keysign_flags = 0; unsigned long expire = 0; int revoke = 0; unsigned int revoke_flags = 0; gpgme_key_t thekey; gpgme_key_t signing_key = NULL; int i; size_t n; char *userid_buffer = NULL; if (argc) { argc--; argv++; } while (argc && last_argc != argc ) { last_argc = argc; if (!strcmp (*argv, "--")) { argc--; argv++; break; } else if (!strcmp (*argv, "--help")) show_usage (0); else if (!strcmp (*argv, "--verbose")) { verbose = 1; argc--; argv++; } else if (!strcmp (*argv, "--status")) { print_status = 1; argc--; argv++; } else if (!strcmp (*argv, "--signer")) { argc--; argv++; if (!argc) show_usage (1); signer_string = *argv; argc--; argv++; } else if (!strcmp (*argv, "--loopback")) { use_loopback = 1; argc--; argv++; } else if (!strcmp (*argv, "--local")) { keysign_flags |= GPGME_KEYSIGN_LOCAL; argc--; argv++; } else if (!strcmp (*argv, "--noexpire")) { keysign_flags |= GPGME_KEYSIGN_NOEXPIRE; argc--; argv++; } else if (!strcmp (*argv, "--expire")) { argc--; argv++; if (!argc) show_usage (1); expire = parse_expire_string (*argv); argc--; argv++; } else if (!strcmp (*argv, "--revoke")) { revoke = 1; argc--; argv++; } else if (!strncmp (*argv, "--", 2)) show_usage (1); } if (revoke && !signer_string) { fprintf (stderr, PGM ": please specify the signer key\n"); exit (1); } if (!argc) show_usage (1); userid = argv[0]; argc--; argv++; init_gpgme (protocol); err = gpgme_new (&ctx); fail_if_err (err); gpgme_set_protocol (ctx, protocol); gpgme_set_armor (ctx, 1); if (print_status) { gpgme_set_status_cb (ctx, status_cb, NULL); gpgme_set_ctx_flag (ctx, "full-status", "1"); } if (use_loopback) { gpgme_set_pinentry_mode (ctx, GPGME_PINENTRY_MODE_LOOPBACK); gpgme_set_passphrase_cb (ctx, passphrase_cb, NULL); } if (signer_string) { err = gpgme_get_key (ctx, signer_string, &signing_key, 1); if (err) { fprintf (stderr, PGM ": error getting signer key '%s': %s\n", signer_string, gpg_strerror (err)); exit (1); } err = gpgme_signers_add (ctx, signing_key); if (err) { fprintf (stderr, PGM ": error adding signer key: %s\n", gpg_strerror (err)); exit (1); } } err = gpgme_get_key (ctx, userid, &thekey, 0); if (err) { fprintf (stderr, PGM ": error getting key for '%s': %s\n", userid, gpg_strerror (err)); exit (1); } if (argc > 1) { /* Several user ids given */ for (i=0, n = 0; i < argc; i++) n += strlen (argv[1]) + 1; n++; userid_buffer = malloc (n); if (!userid_buffer) { fprintf (stderr, PGM ": malloc failed: %s\n", gpg_strerror (gpg_error_from_syserror ())); exit (1); } *userid_buffer = 0; for (i=0; i < argc; i++) { strcat (userid_buffer, argv[i]); strcat (userid_buffer, "\n"); } userid = userid_buffer; keysign_flags |= GPGME_KEYSIGN_LFSEP; revoke_flags |= GPGME_REVSIG_LFSEP; } else if (argc) { /* One user id given */ userid = *argv; } else { /* No user id given. */ userid = NULL; } if (revoke) { err = gpgme_op_revsig (ctx, thekey, signing_key, userid, revoke_flags); if (err) { fprintf (stderr, PGM ": gpgme_op_revsig failed: %s\n", gpg_strerror (err)); exit (1); } } else { err = gpgme_op_keysign (ctx, thekey, userid, expire, keysign_flags); if (err) { fprintf (stderr, PGM ": gpgme_op_keysign failed: %s\n", gpg_strerror (err)); exit (1); } } free (userid_buffer); gpgme_key_unref (signing_key); gpgme_key_unref (thekey); gpgme_release (ctx); return 0; }